If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

AOL Instant Messenger Vulnerability

AOL Instant Messenger (AIM) has a major security vulnerability in the latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This vulnerability will allow remote penetration of the victim's system without any indication as to who performed the attack. There is no opportunity to refuse the request.

This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in.

This particular vulnerability results from an overflow in the code that parses a game request. The actual overflow appears to be in the parsing of TLV type 0x2711. This may be more generic and exploitable through other means, but AOL has not released enough information about their protocol for us to be able to determine that.

AOL Instant Messenger (http://www.aim.com) has over 100 million users.Almost all of these users are Windows users and directly vulnerable to this.